Privacy Policy

For data about your tenant workspace and its members (employees, crews, office staff), the workspace owner - typically the trade business that subscribes to HudsonWorks - is the data controller. HudsonWorks acts as a processor on the workspace's behalf and only uses the data to operate the Service.

For data about visitors to www.hudsonworks.com and individuals who contact us through the marketing site, HudsonWorks is the controller.

Account and identity data

• Name, work email address, optional username, password hash, assigned role within the workspace.
• When you sign in with Apple or Google, the unique identifier and email address that the provider returns. We do not receive your social-provider password.
• Device identifiers for push delivery (Expo push tokens, the device name as you set it on your phone, and the platform name - iOS or Android).

Workspace content

• Records you create inside HudsonWorks - customers, projects, tasks, time entries, proposals, contracts, invoices, vendor records, calendar events, and notes. These belong to your tenant.
• Photos and file attachments you upload to records inside the app.

Operational data

• Server logs (timestamp, IP address, request path, response status). Retained for up to 30 days then aggregated or deleted.
• Crash and diagnostic reports from the mobile apps.
• Aggregated usage metrics that do not identify individual users.

Location data (mobile app, opt-in)

• When you grant location permission and clock in or out, we record the approximate location of the device at that moment so the time entry is tied to the correct job site. We do not track location continuously or in the background. You may revoke location access at any time in your device settings; clocking in/out continues to work without location.

Billing data

• Subscription identifiers and invoicing records for your workspace. We do not store your card details - payments are processed through a PCI-DSS compliant processor that issues us a token only.

• To operate the Service you signed up for.
• To deliver push notifications you have asked us to send (task assignments, schedule changes, time reminders).
• To investigate abuse, debug failures, and improve reliability.
• To bill you for the subscription, and to send transactional emails about the Service (sign-in, password reset, security notices, billing).
• To comply with applicable law, respond to subpoenas, and protect HudsonWorks and our users from fraud.

• We do not sell your data or your customers' data, ever.
• We do not use your workspace content to train AI models.
• We do not process customer card payments through HudsonWorks. You record customer payments manually on your end.
• We do not pull events from your connected Google Calendar back into HudsonWorks. Calendar sync is one-way (push only).
• We do not see the contents of envelopes signed through your connected DocuSign account.
• We do not include third-party advertising trackers in the mobile apps. The mobile app does not collect the Apple advertising identifier (IDFA).
• We do not perform continuous or background location tracking.

We use the following sub-processors to operate the Service:

• Amazon Web Services - infrastructure hosting, S3 file storage. US regions only.
• Algolia - search index for tenant-scoped data.
• Expo Application Services - mobile push delivery and over-the-air updates.
• Resend - transactional email delivery.
• DocuSign - contract signing (each tenant authorizes its own DocuSign account).
• Google APIs - Calendar push and Maps geocoding.
• Apple Inc. and Google LLC - identity providers for Sign in with Apple and Sign in with Google.

We update this list when we add or change sub-processors. Tenant owners are notified of material changes via email at least 30 days in advance.

Every tenant's data lives behind a strict tenant_id scope at the database and search-index level. All API requests are authenticated by bearer token and the tenant is resolved from the token, not from the client.

HudsonWorks staff with super-admin access can view tenant lists and subscription state but do not access tenant business records as part of normal operations. Access for support purposes requires the tenant owner's consent and is logged.

Data in transit is encrypted with TLS 1.2 or higher. Data at rest is encrypted using AWS-managed keys (AES-256). Mobile session tokens are stored in the iOS Keychain or the Android Keystore via expo-secure-store.

Depending on where you live, you may have the following rights regarding your personal data. We honor these requests for all users, regardless of jurisdiction.

• Access - request a copy of the personal data we hold about you.
• Correction - request that we correct inaccurate data.
• Deletion - request that your personal data is deleted. You can perform self-deletion of your account directly inside the mobile app under More → Delete account, or by emailing privacy@hudsonworks.com. See Section 8 for what happens on deletion.
• Portability - request a machine-readable export of your data.
• Restriction or objection - ask that we limit or stop certain uses of your data.
• Withdraw consent - at any time, where we are relying on consent to process your data (such as location).
• Lodge a complaint - with a supervisory authority in your jurisdiction.

California residents have additional rights under the CCPA / CPRA including the right to know, the right to delete, the right to correct, the right to opt out of sale or sharing (we do neither), and the right to non-discrimination for exercising these rights.

Self-service deletion (mobile app): Inside the HudsonWorks mobile app, open More → Delete account and confirm by typing DELETE. When you submit the request:

• Your name, email, username, and password hash are removed.
• All your active sessions on every device are invalidated.
• All push notification tokens registered to your devices are deleted.
• Your user preferences are deleted.
• Records you authored that are referenced by other workspace members (for example, time entries linked to a project) are retained but with your name redacted to "Removed user".

Workspace owners cannot self-delete from the mobile app, because a tenant cannot be left ownerless. Owners should email support@hudsonworks.com to either transfer ownership or delete the workspace.

Workspace deletion: on subscription cancellation we retain workspace data for a 30-day grace period in case of recovery, then we permanently delete it. The 30-day window can be shortened on written request from the workspace owner.

Backups: deleted data may persist in encrypted backups for up to 35 days before being overwritten. We do not restore from backup to undo a deletion.

HudsonWorks is a business tool for adults employed in trade service companies. The Service is not directed to children under 16 and we do not knowingly collect personal data from anyone under 16. If you believe a child has provided us personal data, please contact privacy@hudsonworks.com and we will delete it.

The Service is operated from the United States. If you access the Service from outside the United States, your data is transferred to and processed in the United States. We rely on appropriate safeguards (standard contractual clauses where applicable) for transfers from jurisdictions that require them.

We may update this policy as the Service evolves. Material changes will be communicated to workspace owners by email at least 30 days before they take effect, except where a shorter notice is required by law. The "Last updated" date at the top reflects the most recent change.

For privacy questions, exercising your rights, or to reach our Data Protection contact:

• Email: privacy@hudsonworks.com
• Postal: HudsonWorks, Inc., Attn: Privacy, United States.

We aim to respond to verifiable requests within 30 days.